From 755a1de452d08618ffcb03db952fd78dce4f87c3 Mon Sep 17 00:00:00 2001
From: Yu-Chi Cheng
Date: Tue, 30 Mar 2021 08:50:13 -0700
Subject: [PATCH] Allowed EdgeTPU service and the EdgeTPU NNAPI hal to read /proc/version. Both services invoke InitGoogle in order to use google utilities (e.g. file). Since InitGoogle reads the kernel info from /proc/version, this change added the corresponding selinux rules to allow that.
Bug: 183935416
Test: tested on Oriole.
Change-Id: Icb8f3a57e249774b5fad3284413661b04ff7dae6
---
 whitechapel/vendor/google/edgetpu_service.te | 4 ++++
 whitechapel/vendor/google/hal_neuralnetworks_darwinn.te | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/whitechapel/vendor/google/edgetpu_service.te b/whitechapel/vendor/google/edgetpu_service.te
index a30400ad..96e452ca 100644
--- a/whitechapel/vendor/google/edgetpu_service.te
+++ b/whitechapel/vendor/google/edgetpu_service.te
@@ -34,3 +34,7 @@ binder_call(edgetpu_server, system_server);
 # Allow EdgeTPU service to access Android shared memory allocated
 # by the camera hal for on-device compilation.
 allow edgetpu_server hal_camera_default:fd use;
+
+# Allow EdgeTPU service to read the kernel version.
+# This is done inside the InitGoogle.
+allow edgetpu_server proc_version:file r_file_perms;
diff --git a/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te b/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
index 9329a878..48848279 100644
--- a/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
+++ b/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
@@ -18,3 +18,7 @@ allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:dir rw_dir
 add_hwservice(hal_neuralnetworks_darwinn, hal_neuralnetworks_hwservice)
 hwbinder_use(hal_neuralnetworks_darwinn)
 get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop)
+
+# Allow TPU HAL to read the kernel version.
+# This is done inside the InitGoogle.
+allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;
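Review bot: Both added rules (`allow edgetpu_server proc_version:file r_file_perms;` in edgetpu_service.te and the matching `allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;` in hal_neuralnetworks_darwinn.te) grant read access only because InitGoogle happens to read /proc/version, and neither the comments nor the commit message say that the services fail when that read is denied. If the read is incidental, `dontaudit edgetpu_server proc_version:file r_file_perms;` (and the same for the HAL domain) would silence the denial without exposing the exact kernel build string to two more vendor domains. If the read is required, I would have the comment record that and reference the bug, e.g. `# Required: InitGoogle reads /proc/version at start-up (b/183935416).`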